Directory Services

Configuring DSML Services for Windows Manually

DSML Services for Windows can be configured manually. A manual configuration is usually performed to support multiple installations of DSML Services for Windows on the same IIS server.

Manually configuring DSML Services for Windows

To configure DSML Services for Windows manually:

Install files for DSML Services for Windows

For more information about installing the files, see Installing DSML Services for Windows.

Configure IIS and Active Directory

Configure the server to support IIS if this has not already been done. You should also have an Active Directory domain controller running before continuing.

Create the DSML virtual directory

  1. Start IIS services and create a new virtual directory named dsml on the Web server under the Default Web Site, with the path to directory set to C:\DSFW\bin (or to the directory you created during the setup process).
  2. Set the Execute Permissions of the virtual directory to Scripts and Executables.

    This creates the new virtual directory.

Configure the DSML virtual directory

  1. Right-click the virtual directory, and then select Properties.
  2. From the Directory Security property page, click on Edit in the Anonymous Access and Authentication control group box. Disable Anonymous Access.
  3. Configure the virtual directory to support Basic authentication and Integrated Windows authentication.

    Note  It is highly recommended that you enable SSL if you select Basic authentication. This prevents passwords from being transmitted in plaintext.

  4. From the Virtual Directory property page, select Configuration.
  5. From the Mappings tab of the Application Configuration dialog box, select Add. Set the Executable to c:\dsfw\bin\adssoap.dll (or the path to adssoap.dll where it was copied). Set the Extension to .dsmlx, and then set the Verbs to Limit To: POST.
  6. This step is optional. From the Virtual Directory property page, set the Application Protection to High or Medium isolation.

Modify the DSML configuration file

Modify the dsmlv2.config configuration file found in the %SystemRoot%\system32 directory. The generic template for the configuration file is shown below.

<virtualDirectory url="virtualDirURL">

virtualDirURL should be filled in with the URL to the extension, without the Web server name. For example, if you create an IIS virtual directory named dsml, which allows the extension to be accessed as, set virtualDirURL as /dsml/adssoap.dsmlx.

All of the element tags inside the <virtualDirectory> element are optional. To omit one, omit the entire line, including the surrounding XML elements. For example, to omit serverName, omit <server>serverName</server>:

For example, using the dsml virtual directory example given previously, the following dsmlv2.config would specify that the IIS virtual directory should process requests for an Active Directory server named It should connect on port 389, with connection and operation timeouts of 30 seconds. It should keep up to 10 connections open simultaneously.

   <virtualDirectory url="/dsml/adssoap.dsmlx">

It is possible to create multiple IIS virtual directories on the Web server that use the adssoap.dsmlx extension. This can be used, for example, for sending requests to different Active Directory servers. All virtual directories on an IIS server share the same dsmlv2.config file. The IIS virtual directories must be created and configured with the proper permissions (using the steps listed previously in this topic) before the DSML Services for Windows configuration file is modified.

To configure a multiple virtual directory installation, create a separate virtualDirectory section for each virtual directory in the configuration file. For example, if you want to extend the example above to include a second virtual directory named dsml2 that sends LDAP operations to a Active Directory server named (also on port 389, but with no connect or operation timeout, and using the default number of connections), you could create a dsmlv2.config file similar to the following.

   <virtualDirectory url="/dsml/adssoap.dsmlx">
<virtualDirectory url="/dsml2/adssoap.dsmlx">

The dsmlv2.config file should have its file access permissions set so that all authenticated users have read access, and only administrators and IIS administrators have read/write access. This enables the DSML Services for Windows to read the configuration file while impersonating a user, yet prevents the configuration file from being subject to either accidental or malicious changes.

Test the DSML Configuration

The DSML Services for Windows installation is now configured and ready for use. To test the installation, take the following steps:

  1. Adjust the value of the dn in the Search.xml file to match the Active Directory domain name.
  2. If testing a multiple virtual directory installation and the name of the virtual directory is something other than dsml, edit the dsmltest.vbs testscript accordingly. Comments in the script file will state where the appropriate changes must occur.
  3. Run the following test script at a command prompt, using a user account that has the proper credentials to access the DSML Services for Windows server.

    csript dsmltest.vbs dsmlServerName

The following code example shows a test of the installation.

 C:\DSfW>type search.xml

<se:Envelope xmlns:se="">
  <se:Body xmlns="urn:oasis:names:tc:DSML:2:0:core">
		 <searchRequest dn="dc=fabrikam,dc=com"
				 <present name="objectClass"/>
					 <attribute name="dc"/>
					 <attribute name="description"/>

C:\Program Files\Microsoft\Microsoft DSMLv2 Server>cscript dsmltest.vbs dsml01

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Connecting to DSMLv2 Server...

Constructing DSML/SOAP payloads...

Sending the request...

-------RESPONSE --------
<soap:Envelope xmlns:soap="" 
  <batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core" 
		 <searchResultEntry dn="dc=fabrikam,dc=com">
			 <attr name="dc"><value>fabrikam</value></attr>
				 <resultCode code="0" descr="success"/>